previous software vulnerabilities
vulnerabilities.aspcode.net
Searching previous software vulnerabilities
The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.
shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption).
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL.
The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.
Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters.
PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update."
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
daemon.c in cman (redhat-cluster-suite) before Friday, June 22, 2007 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests.
Software vulnerabilities results 1 to 20 of 35